5.2.5.1 Network initialization phase
SEBD adopts a robot-assisted bootstrapping technique, which securely initializes each sensor node with the required scheme parameters and the secret symmetric keys. Specifically, we assume that a group of mobile robots are dispatched to sweep across the whole sensor field along pre-planned routes. Mobile robots have GPS capabilities as well as more powerful computation and communication capacities than ordinary nodes. The leading robot is also equipped with the network master secret keys KMI and KII
M, and γ. To localize a node, say Siu, mobile robots run the secure range-based localization protocol given in [103, 117] to first measure their respective absolute distance to node Siu and then co-determine its location (xiu, yiu). Subsequently, the leading robot computes the unique secret key that is only shared between the sink and Siu after bootstrapping:
KSiu = H(K
I
where ‘|’ denotes concatenation operation. It also generates a complete list of neighbor nodes, denoted asNSiu for a node Siu
2, and computes a set of neighbor pairwise keys:
suppose Siv = (xiv, yiv) is a neighbor of Siu, then the neighbor pairwise key between the two is
KSiu,Siv = H(K
II
M|Siu|Siv), (3)
where Siu < Siv in their binary representations. The leading robot repeats the cal- culation for all nodes in NSiu and sends all the generated keys plus γ to Siu. Note that the authentication between the sensor nodes and the leading robot can be easily achieved using the technique introduced in [115]. We omit it here for the space limit. Following this process, all the nodes can be furnished with their respective location and the required keys. After that, mobile robots leave the sensor field and the leading robot should securely erase all the keys from its memory. The assumption underlying this approach is that adversaries do not launch active and explicit pinpoint attacks on mobile robots at this stage which usually does not last too long. That is, the robots are not likely subject to compromise. However, the adversaries may still perform relatively passive attacks such as message eavesdropping or strategic channel infer- ence to disturb the localization process [103]. This assumption is reasonable in that mobile robots are much fewer than ordinary sensor nodes and hence we can spend more on them by enclosing them in high-quality tamper-proof hardware and putting them under super monitoring.
5.2.5.2 Boundary detection phase
For each sensor node Siu, the following data structures are defined: listSiu is a table used to store the measurements from nodes in NSiu. nu is the actual number of the one-hop neighbors of node u, and n0 is the expected node degree. ttSiu is used to store current operation time. n+ is the number of ‘1’ measurements in NSiu, while
2#{N
n− is the number of ‘0’s. EN is a list used to store the ids of nodes having endorsed on Siu’s boundary claim message if any. Lastly, M ac is for final overall endorsement constructed. Note that all of them are initialized to zero or ∅.
Upon receiving a boundary extraction request on event type eid, from the sink
or a pre-defined periodical time-out, a node Siu performs the measurement, notifies its neighbors of the result, and adjusts the result according to others’ notifications if necessary:
– Siu prepares MRSiu :={eid, Siu, m0, 0}, and broadcasts MRSiu to its neighborhood.
– Siu collects MRSij for all Sij ∈ NSiu and updates listSiu, i.e., upon receiving message MRSij ={eid, Sij, m0, 0}, Siu updates listSiu by including an entry (Sij, m0).
– Once having received MRSij from all Sij ∈ NSiu, Siu calculates the number of ‘1’ measurements n+ and the number of ‘0’ measurements
n− from listSiu; Siu adjusts its own measurement m as follows: if
m0 == 1 and n+<bnu2−1c, Siu reverses its measurement to m1 : = 0; if m0 == 0 and n− <bnu2−1c, Siu reverses its measurement to
m1 := 1, otherwise, the original measurement is retained, m1 := m0.
– Siu then broadcasts the updated MRSiu :={eid, Siu, m1, 1} together with listSiu in its neighborhood.
Here, a measurement report message MRSiu consists of four fields: i) an event id,
eid, ii) a node id, iii) m, a logic value ‘0/1’, representing whether event eidis detected
or not, and iv) a ‘0/1’ valued indicator, indicating the message is either an original measurement report or an updated report after local adjustment for random error correction. Next, if a node Siu’s updated measurement is ‘1’, it proceeds to check whether or not it is a boundary node based on the information it received. Note
that, if the measurement of Siu is now a ‘0’, then no further operation is needed. The following operations are sequentially executed before reaching the decision:
– For every node Sij in NSiu, Siu does the following consistency check and updates listSiu accordingly: 1) it verifies that the measurements in the common entries in listSij and listSiu are consistent; and 2) it verifies that node Sij’s self-adjusted value, i.e., m1 in MRSij ={
eid, Siu, m1, 1}, conforms to the majority measurements in listSij.
– Siu then calculates n+ and n− for the updated listSiu and further calculates 1− |n+−n−|
nu . If 1−
|n+−n−|
nu ≥ γ, Siu considers itself
a boundary node and prepares a boundary claim message, BCSiu :=
{eid, Siu, 1, ttSiu}, where ttSiu is a time stamp. Siu then broadcasts
{listSiu, BCSiu} to the neighbors to seek their endorsements. listSiu
is attached for consistency verification.
Now assume that a neighbor node, say Sij, receives {listSiu, BCSiu}. Sij proceeds as follows to endorse the BC3.
Here, the endorsement to BCSiu from Sij, i.e., M ACSij, is a unique MAC gener- ated over message {eid|Siu|1|ttSiu} using the unique secret key KSij shared between
Sij and the sink. Hence, no node could forge such a MAC on behalf of others. SEBD also ensures that only the claimed sender can get the endorsement from the receiver/endorser: M ACSij is sent after encryption using the neighbor pairwise key
shared between the sender and receiver. Meanwhile, M ACSij,Siu is computed over ERSij using the same neighbor pairwise key shared between the sender and receiver,
which authenticates the message sender to the receiver. The intended receiver could therefore be assured that the endorsement is indeed from the claimed endorser. Note 3Below M AC(M, K) denotes the message authentication code generated over message M using
– Consistency check: 1) it verifies if the time stamp is fresh, i.e., within the allowed delay interval; 2) it checks the measurement consistency of the common entries contained in both listSiu and its own listSij; 3) it carries out the same procedure to determine if node Siu is a boundary node and verifies that the result conforms to Siu’s claim.
– Upon successful checking, Sij endorses BCSiu :={eid, Siu, 1, ttSiu} by calculating M ACSij := M AC(BCSiu, KSij), generating ERSij
:={Sij, Siu, eid, ttSij, E(M ACSij, KSij,Siu)}. It further calculates
M ACSij,Siu := M AC(ERSij, KSij,Siu), and sends{ERSij,
M ACSij,Siu} back to Siu.
that M ACSiu,Sij 6= MACSij,Siu.
Lastly, node Siu collects all the ERs replied by its neighbors after sending BCSiu. It then constructs a final synthesized boundary report with appropriate endorsements from its neighbors, and sends it to the sink.
A BRSiu is accepted by the sink if and only if i) M ACSiu,sink is authentic; and ii) t ≥ bn02−1c, where t is the number of members in EN; and iii) all nodes in EN are indeed the neighbors of Siu
4; and iv) M ac is authentic, which, in other words,
means that all the t individual M ACSijs are authentic; Note that, in this chapter,
we focus on the compromise-tolerant event boundary detection mechanism, thus we simply assume all BRs are directly forwarded to the sink5.
4This is achieved by extracting node’s location information from its id, and ensuring that the
distance between two nodes is no farther than R.
– Upon receiving {ERSij, M ACSij,Siu} from its neighbor Sij, Siu first checks the time stamp included in ER to make sure the freshness of the message. It further verifies M ACSij,Siu.
– Upon successful verification, Siu then includes Sij into EN, i.e., EN := EN ∪ Sij, and recovers the unique MAC generated by Sij, which is further combined to the synthesized MAC, i.e., M ac := M ac⊕
D(E(M ACSij, KSij,Siu), KSiu,Sij), where D(M, K) denotes a
decryption operation over message M using symmetric key K and ‘⊕’ denotes exclusive or operation.
– Upon #{EN} ≥ bn0−12 c, Siu forms a boundary report message BRSiu
:={BCSiu, M ac,EN}, and forwards {BRSiu, M ACSiu,sink} to
the sink, where M ACSiu,sink := M AC(BRSiu, KSiu).